开发者

Changing headers that IIS/ASP.NET sends. Side-effects?

IIS / ASP.NET sends HTTP headers to identify itself by default.

Server               Microsoft-IIS/7.5
X-AspNetMvc-Version  2.0
X-AspNet-Version     4.0.30319
X-Powered-By         ASP.NET

Is there any reason not to remove these? Considering the ASP.NET vulnerabilitie开发者_C百科s recently discovered, some people recommend changing the Server header to that of another server, such as Apache, to throw off scanners looking for affected websites. This seems like a good idea. Are there any unwanted side effects that I'm not thinking of?


I agree with Andrew, but for practical purposes yes this is possible (see here) and I am not aware of any negative side-effects - I believe these exist purely for stat-gathering and "advertising" purposes and the ubiquitous "reserved for future use".


In my experience, such tricks are not useful in the least. Spend your time making sure the server is actually secure, rather than wasting time on hacks of essentially no benefit whatsoever. There are plenty of other more reliable ways to know what operating system and web service a server is running.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜